Atty. Docket # AUS920030621US1
Ashley et al. 



EL 977166111 



Method and system for a flexible lightweight public-key-based mechanism for the GSS protocol



Sheet 1/4

[FIG. 1A (PRIOR ART): drawing not reproduced. Labels: wireless phone, personal digital assistant.]

[FIG. 1B (PRIOR ART): drawing not reproduced. Labels: printer, disk, ROM, I/O adapter, communication adapter, communication link, display adapter, display, user interface adapter, mouse, keyboard.]

Sheet 2/4

[FIG. 2 (PRIOR ART): drawing not reproduced. Labels: user (202), user public key (204), user private key (206), request for certificate (208) containing user public key (204), certifying authority (210), CA public key (212), CA private key (214), X.509 certificate (216) containing user public key (218).]

[FIG. 3 (PRIOR ART): drawing not reproduced. Labels: X.509 certificate (304), Internet/intranet application (306), host system (308), system registry with columns "Subject" and "Security group" and an entry for JSMITH, CRL repository (312). The certificate is drawn with the fields:

Serial Number xxxxx
Issuer Name xxxxx
Subject Name /C=US/O=IBM/OU=DEVT/CN=JSMITH
...
Signature xxxxx]



Sheet 3/4

[FIG. 4 (PRIOR ART): drawing not reproduced. Typical GSS-API-compliant authentication between client (402) and server (404). Steps and messages as labelled in the drawing:

- Client to server: request server's public key certificate (406)
- Server: process request and generate response (408)
- Server to client: send server's public key certificate (410)
- Client: validate server certificate and generate session key (412)
- Client to server: securely send session key (414)
- Server: accept session key and generate response (416)
- Server to client: securely send response (418)
- Client: encrypt client authentication token (420)
- Client to server: securely send client authentication token
- Server: authenticate client and generate response (424)
- Server to client: securely send response (426)
- Client: analyze response (428)]



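Sheet 4/4

[FIG. 5: drawing not reproduced. GSS-API-compliant authentication between client (502) and server. Steps and messages as labelled in the drawing:

- Client to server: request server's public key certificate (506)
- Server: process request and generate response (508)
- Server to client: send server's public key certificate (510)
- Client: validate server certificate (512)
- Client: generate transport key and authentication token (514)
- Client to server: securely send transport key and authentication token (516)
- Server: authenticate client (518)
- Server: generate session key (520)
- Server to client: securely send session key (522)
- Client: decrypt session key (524)]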



